monitoring-tasks

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill fetches Notion task page objects at runtime via query-tasks.sh (Query A/B) and then passes the resulting JSON (including outsider-authored task fields like titles/descriptions/issuer/assignees) into analyze-tasks.sh, which uses jq to read those fields and include them in the LLM context for reporting—this is outsider content from other users’ Notion tasks.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 03:44 PM
Issues
1
Security Audit — snyk — monitoring-tasks